Description
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by snakespc · textwebappsphp
https://www.exploit-db.com/exploits/11603
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24030
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11603
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38454
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37948
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0806-exploits/joomlayanc-sql.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38780
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/62620
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3944
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56585
Scores
EPSS
0.0777
EPSS Percentile
92.0%
Details
Status
published
Products (1)
com_yanc/com_yanc
1.4_beta
Published
May 22, 2007
Tracked Since
Feb 18, 2026